PAYMENT TERMINAL SHARING
First Claim
1. A method of configuring a payment terminal to be shared by a plurality of operators with cryptographic segregation between different operators, the method comprising:
- transmitting a master-transport key from a payment provider to a controlling entity associated with the payment terminal in a confidentiality-secured manner;
deriving, both at the payment provider and at the controlling entity, a transport key from the master-transport key using an identification number of the payment terminal;
symmetrically encrypting, by the controlling entity, the transport key using an access key specific to the payment terminal;
transmitting the encrypted transport key to the payment terminal, wherein the controlling entity controls usage of the payment terminal in an operator-selective manner by the transmission of the encrypted transport key, and the master-transport key is specific to one of the operators;
decrypting the encrypted transport key at the payment terminal with the access key;
deriving, by the payment provider, a first encryption key from a base-derivation key using the identification number of the payment terminal;
symmetrically encrypting the first encryption key with the transport key;
transmitting the encrypted first encryption key to the payment terminal;
decrypting the encrypted first encryption key at the payment terminal with the decrypted transport key; and
deriving, both at the payment provider and at the payment terminal, a second encryption key from the first encryption key using a transaction-specific number associated with a payment transaction, when performing the payment transaction with the payment terminal,wherein the transport key, the first encryption key, and the second encryption key are specific to one of the operators and to the payment terminal, and the base-derivation key is specific to one of the operators.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and computer program products for payment terminal sharing. A payment terminal is configured to become usable as a payment terminal shared by a plurality of operators with cryptographic segregation between the different operators of the payment terminal. An operator- and terminal-specific transport key is provided to the payment terminal. An operator- and terminal-specific initial-encryption key is derived, by the payment provider, from an operator-specific base-derivation key using the terminal-identification number, or an additional identification number of the payment terminal. The operator- and terminal-specific initial-encryption key is transmitted to the payment terminal, and is decrypted at the payment terminal. An operator- and transaction-specific encryption key is derived, both at the payment provider and the payment terminal, from the operator- and terminal-specific initial-encryption key using a transaction-specific number associated with this transaction, when performing a transaction with the payment terminal.
-
Citations
21 Claims
-
1. A method of configuring a payment terminal to be shared by a plurality of operators with cryptographic segregation between different operators, the method comprising:
-
transmitting a master-transport key from a payment provider to a controlling entity associated with the payment terminal in a confidentiality-secured manner; deriving, both at the payment provider and at the controlling entity, a transport key from the master-transport key using an identification number of the payment terminal; symmetrically encrypting, by the controlling entity, the transport key using an access key specific to the payment terminal; transmitting the encrypted transport key to the payment terminal, wherein the controlling entity controls usage of the payment terminal in an operator-selective manner by the transmission of the encrypted transport key, and the master-transport key is specific to one of the operators; decrypting the encrypted transport key at the payment terminal with the access key; deriving, by the payment provider, a first encryption key from a base-derivation key using the identification number of the payment terminal; symmetrically encrypting the first encryption key with the transport key; transmitting the encrypted first encryption key to the payment terminal; decrypting the encrypted first encryption key at the payment terminal with the decrypted transport key; and deriving, both at the payment provider and at the payment terminal, a second encryption key from the first encryption key using a transaction-specific number associated with a payment transaction, when performing the payment transaction with the payment terminal, wherein the transport key, the first encryption key, and the second encryption key are specific to one of the operators and to the payment terminal, and the base-derivation key is specific to one of the operators. - View Dependent Claims (5, 6, 7, 8, 9, 10)
-
-
2. (canceled)
-
3. A method of configuring a payment terminal to be shared by a plurality of operators with cryptographic segregation between different operators, the method comprising:
-
deriving, at a payment provider, a transport key from a master-transport key using an identification number of the payment terminal; transmitting the transport key from the payment provider to a controlling entity associated with the payment terminal in a confidentiality-secured manner; symmetrically encrypting, by the controlling entity, the transport key with an access key; transmitting the encrypted transport key to the payment terminal, wherein the controlling entity controls usage of the payment terminal in an operator-selective manner by the transmission of the encrypted transport key, and the master-transport key is specific to one of the operators; decrypting the encrypted transport key at the payment terminal with the access key; deriving, by the payment provider, a first encryption key from a base-derivation key using the identification number of the payment terminal; symmetrically encrypting the first encryption key with the transport key; transmitting the encrypted first encryption key to the payment terminal; decrypting the encrypted first encryption key at the payment terminal with the decrypted transport key; and deriving, both at the payment provider and at the payment terminal, a second encryption key from the first encryption key using a transaction-specific number associated with a payment transaction, when performing the payment transaction with the payment terminal, wherein the transport key, the first encryption key, and the second encryption key are specific to one of the operators and to the payment terminal, and the base-derivation key is specific to one of the operators.
-
-
4. A method of configuring a payment terminal to be shared by a plurality of operators with cryptographic segregation between different operators, the method comprising:
-
receiving an encrypted transport key as manual input into the payment terminal, wherein a controlling entity controls usage of the payment terminal in an operator-selective manner based upon the transport key; decrypting the encrypted transport key at the payment terminal with an access key; deriving, by a payment provider, a first encryption key from a base-derivation key using an identification number of the payment terminal; symmetrically encrypting the first encryption key with the transport key; transmitting the encrypted first encryption key to the payment terminal; decrypting the encrypted first encryption key at the payment terminal with the decrypted transport key; and deriving, both at the payment provider and at the payment terminal, a second encryption key from the first encryption key using a transaction-specific number associated with a payment transaction, when performing the payment transaction with the payment terminal, wherein the transport key, the first encryption key, and the second encryption key are specific to one of the operators and to the payment terminal, and the base-derivation key is specific to one of the operators.
-
-
11. A system for configuring a payment terminal to be shared by a plurality of operators with cryptographic segregation between different operators, the system comprising:
-
at least one processor; and a memory coupled to the at least one processor, the memory including program code configured to be executed by the at least one processor to cause the system to; transmit a master-transport key from a payment provider to a controlling entity associated with the payment terminal in a confidentiality-secured manner; derive, both at the payment provider and at the controlling entity, a transport key from the master-transport key using an identification number of the payment terminal; symmetrically encrypt, by the controlling entity, the transport key using an access key specific to the payment terminal; transmit the encrypted transport key to the payment terminal, wherein the controlling entity controls usage of the payment terminal in an operator-selective manner by the transmission of the encrypted transport key, and the master-transport key is specific to one of the operators; decrypt the encrypted transport key at the payment terminal with the access key; derive, by the payment provider, a first encryption key from a base-derivation key using the identification number of the payment terminal; symmetrically encrypt the first encryption key with the transport key; transmit the encrypted first encryption key to the payment terminal; decrypt the encrypted first encryption key at the payment terminal with the decrypted transport key; and derive, both at the payment provider and at the payment terminal, a second encryption key from the first encryption key using a transaction-specific number associated with a payment transaction, when performing the payment transaction with the payment terminal, wherein the transport key, the first encryption key, and the second encryption key are specific to one of the operators and to the payment terminal, and the base-derivation key is specific to one of the operators. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
-
12. (canceled)
-
13. A system for configuring a payment terminal to be shared by a plurality of operators with cryptographic segregation between different operators, the system comprising:
-
at least one processor; and a memory coupled to the at least one processor, the memory including program code configured to be executed by the at least one processor to cause the system to; derive, at a payment provider, a transport key from a master-transport key using an identification number of the payment terminal; transmit the transport key from the payment provider to a controlling entity associated with the payment terminal in a confidentiality-secured manner; symmetrically encrypt, by the controlling entity, the transport key with an access key; transmit the encrypted transport key to the payment terminal, wherein the controlling entity controls usage of the payment terminal in an operator-selective manner by the transmission of the encrypted transport key, and the master-transport key is specific to one of the operators; decrypt the encrypted transport key at the payment terminal with the access key; derive, by the payment provider, a first encryption key from a base-derivation key using the identification number of the payment terminal; symmetrically encrypt the first encryption key with the transport key; transmit the encrypted first encryption key to the payment terminal; decrypt the encrypted first encryption key at the payment terminal with the decrypted transport key; and derive, both at the payment provider and at the payment terminal, a second encryption key from the first encryption key using a transaction-specific number associated with a payment transaction, when performing the payment transaction with the payment terminal, wherein the transport key, the first encryption key, and the second encryption key are specific to one of the operators and to the payment terminal, and the base-derivation key is specific to one of the operators.
-
-
14. A system for configuring a payment terminal to be shared by a plurality of operators with cryptographic segregation between different operators, the system comprising:
-
at least one processor; and a memory coupled to the at least one processor, the memory including program code configured to be executed by the at least one processor to cause the system to; receive an encrypted transport key as manual input into the payment terminal, wherein a controlling entity controls usage of the payment terminal in an operator-selective manner based upon the transport key; decrypt the encrypted transport key at the payment terminal with an access key; derive, by a payment provider, a first encryption key from a base-derivation key using an identification number of the payment terminal; symmetrically encrypt the first encryption key with the transport key; transmit the encrypted first encryption key to the payment terminal; decrypt the encrypted first encryption key at the payment terminal with the decrypted transport key; and derive, both at the payment provider and at the payment terminal, a second encryption key from the first encryption key using a transaction-specific number associated with a payment transaction, when performing the payment transaction with the payment terminal, wherein the transport key, the first encryption key, and the second encryption key are specific to one of the operators and to the payment terminal, and the base-derivation key is specific to one of the operators.
-
-
21. A computer program product for configuring a payment terminal to be shared by a plurality of operators with cryptographic segregation between different operators, the computer program product comprising:
-
a non-transitory computer readable storage medium; and instructions stored on the non-transitory computer readable storage medium that, when executed by a processor, cause the processor to; transmit a master-transport key from a payment provider to a controlling entity associated with the payment terminal in a confidentiality-secured manner; derive, both at the payment provider and at the controlling entity, a transport key from the master-transport key using an identification number of the payment terminal; symmetrically encrypt, by the controlling entity, the transport key using an access key specific to the payment terminal; transmit the encrypted transport key to the payment terminal, wherein the controlling entity controls usage of the payment terminal in an operator-selective manner by the transmission of the encrypted transport key, and the master-transport key is specific to one of the operators; decrypt the encrypted transport key at the payment terminal with the access key; derive, by the payment provider, a first encryption key from a base-derivation key using the identification number of the payment terminal; symmetrically encrypt the first encryption key with the transport key; transmit the encrypted first encryption key to the payment terminal; decrypt the encrypted first encryption key at the payment terminal with the decrypted transport key; and derive, both at the payment provider and at the payment terminal, a second encryption key from the first encryption key using a transaction-specific number associated with a payment transaction, when performing the payment transaction with the payment terminal, wherein the transport key, the first encryption key, and the second encryption key are specific to one of the operators and to the payment terminal, and the base-derivation key is specific to one of the operators.
-
Specification